
UNITED STATES DEPARTMENT OF COMMERCE
United States Patent and Trademark Office

Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 10/686,550
FILING DATE: 10/14/2003
FIRST NAMED INVENTOR: Kumar Sundararajan
ATTORNEY DOCKET NO.: 021 970-0005 10US
CONFIRMATION NO.: 3475

20350 7590 08/17/2007

TOWNSEND AND TOWNSEND AND CREW, LLP
TWO EMBARCADERO CENTER
EIGHTH FLOOR
SAN FRANCISCO, CA 94111-3834


EXAMINER: HOANG, DANIEL L
ART UNIT: 2136
PAPER NUMBER:
MAIL DATE: 08/17/2007
DELIVERY MODE: PAPER

Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



Office Action Summary

Application No.: 10/686,550
Applicant(s): SUNDARARAJAN ET AL.
Examiner: Daniel L. Hoang
Art Unit: 2136

- The MAILING DATE of this communication appears on the cover sheet with the correspondence address 



Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

Responsive to communication(s) filed on 07 June 2007.
2a) [X] This action is FINAL. 2b) [ ] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-24 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-24 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).

Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [ ] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).

* See the attached detailed Office action for a list of the certified copies not received.



Attachment(s) 

1) Notice of References Cited (PTO-892)
2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)
3) [ ] Information Disclosure Statement(s) (PTO/SB/08) Paper No(s)/Mail Date .
4) [ ] Interview Summary (PTO-413) Paper No(s)/Mail Date.
5) [ ] Notice of Informal Patent Application
6) [ ] Other: .



U.S. Patent and Trademark Office
PTOL-326 (Rev. 08-06)
Part of Paper No./Mail Date 20070814

Application/Control Number: 10/686,550
Art Unit: 2136

DETAILED ACTION 

CLAIMS PRESENTED 

Claims 1-24 are presented. 

Response to Arguments 

1. Applicant's arguments, see page 7 of 12, filed 6/07/07, with respect to the previous office action's
objections and 112 second paragraph rejections have been fully considered and are persuasive. The
objection of claim 23 and 112 rejections of claims 6 and 17 have been withdrawn.

2. Applicant's arguments with respect to claims 1-24 have been considered but are moot in view of
the new ground(s) of rejection.

CLAIM REJECTIONS 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

3. Claims 1, 14, and 24 are rejected under 35 U.S.C. 112, second paragraph, as being indefinite for
failing to particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

As per claim 1: 

Said claim recites the limitation, "a plurality of interfaces, the plurality of interfaces including a first 
interface". Applicant's specification only discloses one interface. It is unclear to examiner which other 
interface(s) applicant intends to claim in the above limitation. Examiner requests that applicant show 
where support for this limitation occurs in applicant's specification or amend the claim so that it complies 
with the specification. For purposes of examination, examiner is interpreting the claim language to 
comply with applicant's specification. 

Said claim further recites the limitation, "a tracking component being configured to provide a
statistics based on data flows associated with the plurality of interfaces". Applicant's specification does
not disclose a tracking component configured to provide statistics. Tracking of I/Os between the server
and the storage subsystem is disclosed in paragraph 0029 of the specification, which examiner can
assume to be the tracking of data flows. But even with this assumption, only tracking of data flows
occurs; it is unclear where statistics are being provided based on the tracking of these data flows. A
statistics processor is disclosed in paragraph 0049, which collects statistics based on configured rules. It
is unclear whether this statistics processor is being claimed by the limitation, "a tracking component".
Even if examiner were to assume that this was the case, "collecting statistics based on configured rules"
does not necessarily mean "configured to provide statistics based on data flows". Examiner requests that
applicant show support for the above limitation in the specification or amend the claim so that said
limitation is not present in the claim language.

Said claim further recites the limitation, "the type including at least initiator, data, and terminator". 
As evident in applicant's disclosure in paragraph 0006 and 0007, "the type is selected from at least an 
initiator, data, or terminator". It is interpreted that applicant's claim currently intends to claim that the type 
includes all 3 but the disclosure only specifies at least 1 of the 3. For purposes of examination, examiner 
is interpreting the claim language to comply with applicant's specification. 

Said claim further recites the limitation, "the encryption/decryption processing being adapted to
perform encryption/decryption based on the statistics and the type". Examiner assumes that the word
"processing" is a grammatical error and assumes the claim should read, "the encryption/decryption
processor..." Applicant's specification does not disclose said processor being able to perform
encryption/decryption based on the statistics and the type. Applicant only discloses that the processor is
able to perform encryption/decryption block by block. There is no mention of encryption/decryption being
performed based on statistics and type. Examiner requests that applicant show where support for the
above limitation occurs in the specification or amend the claim so that it complies with the specification.
For purposes of examination, examiner is interpreting the claim language to comply with applicant's
specification.

For the above reasons, said claim is rendered indefinite. Appropriate correction is required.
Claims 14 and 24 are also similarly rejected.



Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1-24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Chow, and 
further in view of Amara, US Patent No. 6,674,743. 
As per claim 1: 
Chow teaches: 

Apparatus for security applications, the apparatus comprising: 

an interface coupled to a storage network, the interface being adapted to receive a frame from the 
storage network; 

[see fig. 2, element 208] 
a tracking component being configured to track data flows associated with the interface; 

[see fig. 7b, wherein incoming packet passes through the packet parser into the packet memory. 

Concurrently, the packet structure information is sent to the packet bit mask generator] 

Examiner interprets this as being analogous to tracking data flows. 
a classifier coupled to the interface, the classifier being adapted to determine an information type 
associated with the frame, the type being an initiator, data, or terminator, the classifier being adapted to 
determine header information associated with the frame; and 

[see fig. 2, element 210]
a content addressable memory coupled to the classifier. 

[see fig. 2, element 216] 
Chow does not teach: 

an encryption/decryption processor coupled the security action processor, the encryption/decryption 
processor being adapted to encrypt/decrypt the data block by block. 

Amara teaches a packet forwarding apparatus that comprises the above limitation not taught by Chow. 

[see col. 5, lines 16-20] "Policy engine 126 applies a policy to the internal packets. Specifically,
policy engine 126 examines one or more selector fields present in the internal packets. Typical
selector fields include the source address, destination address, source port, destination port, and
protocol type. Policy engine 126 also applies a set of rules specifying the manner in which a
given packet should be handled if the selector fields of the given packet match certain predefined
criteria. Such handling can include without limitation dropping the packet, logging the packet,
encrypting or decrypting the packet"

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify the
Chow invention to include the encryption/decryption taught by Amara in order to secure data coming in
and going out of the system.



As per claim 2, Chow teaches: 

Apparatus of claim 1 wherein the content addressable memory comprises a rule portion and a flow 
portion, the rule portion being adapted to determine header information and command information from 
the initiator frame and the flow portion being adapted to provide a flow based upon the header 
information. 

[see paragraph 0052] "Using the search key generated by the method described herein, a lookup 
or search is done on the classification database contained in the CAM (arrow 826). The resulting 
content address or entry address 218 (FIG. 2), matching the search key 214 (FIG. 2), obtained 
from the classification database in CAM 806 is then used to perform a memory read into an 
associated memory 814 (arrow 828), to determine the policy of the packet received as well as the 
treatment of that packet, as shown by the arrow 826. Depending on the policy received from the 
CAM controlling hardware 804 and the packet information retrieved from packet memory 810, the 
egress manager 812 performs some policy action (e.g., metering and shaping, quality of service 
provisions, packet counting and billing actions, DSCP remarking, CPU actions, etc.), as dictated 
in the action content database, and sends out the resulting packet 834 to the appropriate network 
(or receiving port)."

As per claim 3:

Chow teaches: 

Apparatus of claim 1 further comprising: 

a central processing unit coupled to the classifier;

[see fig. 10, element 1002] 
an action processor coupled to the central processing unit; 

[see fig. 2, element 220] 

a security action processor SAP processor coupled to the central processing unit, the SAP being adapted 
to process data block by block; and 

[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet 

Chow does not teach: 

an encryption/decryption processor coupled the security action processor, the encryption/decryption 
processor being adapted to encrypt/decrypt the data block by block. 

Amara teaches a packet forwarding apparatus that comprises the above limitation not taught by Chow. 

[see col. 5, lines 16-20] "Policy engine 126 applies a policy to the internal packets. Specifically, 
policy engine 126 examines one or more selector fields present in the internal packets. Typical 
selector fields include the source address, destination address, source port, destination port, and 
protocol type. Policy engine 126 also applies a set of rules specifying the manner in which a 
given packet should be handled if the selector fields of the given packet match certain predefined 
criteria. Such handling can include without limitation dropping the packet, logging the packet, 
encrypting or decrypting the packet."

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify the
Chow invention to include the encryption/decryption taught by Amara in order to secure data coming in
and going out of the system.

As per claim 4, Chow teaches: 

Apparatus of claim 1 wherein the initiator determines a read or a write process. 

[see paragraph 44] "The packet parser 504 also reads the incoming packet 208 to determine the 
type and structure of such packet."

As per claim 8, Chow teaches:

Apparatus of claim 1 wherein the classifier is provided on an integrated circuit chip. 
[see fig. 8, element 802] 



As per claim 9, Chow teaches: 

Apparatus of claim 1 wherein the classifier is adapted to maintain wire speed operation while determining
the information type and header information associated with the frame.

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields,
thereby providing a router with reconfigurable classification functions, without any complex
programming. This would reduce the cost of replacing routers, allow routers to be placed
anywhere within the Internet topology, and allow routers to simultaneously meet different market
requirements."

As per claim 10, Chow teaches: 

Apparatus of claim 1 further comprising a flow context random access memory coupled to the classifier, 
the flow context random access memory being adapted to store a policy based upon a flow, the flow 
being associated with the header information. 
[see fig. 2, element 220] 



As per claim 11, Chow teaches: 

Apparatus of claim 1 wherein the classifier is used in determining access controls to target volumes & 
partitions. 

[see paragraph 53] "Once the intelligent software 904 is loaded and executed, the user is 
provided with an interface enabling such user to define a set of selection criteria. Another 
embodiment, not illustrated in the figure, is wherein the user 902 has access to the intelligent 
software, but such software is not directly contained in the user's computer (e.g., software 
contained in a network computer). The intelligent software may be written in a programming 
language, such as C, C++, and the like. Various configurations on how such intelligent software 
may be deployed and implemented are known in the art." 



As per claim 12, Chow teaches: 

Apparatus of claim 1 wherein the classifier is used in allowing access to specific targets only to
authenticated hosts and, in some scenarios applications running on the hosts. 
[see above rejection of claim 11, "access to the intelligent software"] 

As per claim 13, Chow teaches: 

Apparatus of claim 1 wherein the apparatus is operable in a NULL port in a storage area network. 

[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet. For example, an Internet Service Provider router that needs to perform packet filtering, 
policy routing, accounting and billing, traffic rate limiting, and traffic shaping may use the present 
invention to access certain fields from the incoming packet information, notably, the destination 
IP, source IP, destination L4 port number, source L4 port number, and protocol. 

As per claim 14: 

Chow teaches: 

Apparatus for security applications of storage area networks, the apparatus comprising: 

an interface coupled to a storage network, the interface being adapted to receive a frame from the
storage network;

[see fig. 2, element 208]
a tracking component being configured to track data flows associated with the interface; 

[see fig. 7b, wherein incoming packet passes through the packet parser into the packet memory. 

Concurrently, the packet structure information is sent to the packet bit mask generator] 

Examiner interprets this as being analogous to tracking data flows. 
a classifier coupled to the interface, the classifier being adapted to determine an information type 
associated with the frame, the type being an initiator, data, or terminator, the classifier being adapted to 
determine header information associated with the frame; and 

[see fig. 2, element 210] 

a content addressable memory coupled to the classifier, the content addressable memory comprises a 
rule portion and a flow portion, the rule portion being adapted to determine header information and 
command information from the initiator frame and the flow portion being adapted to provide a flow based
upon the header information; 

[see fig. 2 element 216] 
a central processing unit coupled to the classifier; 

[see fig. 10, element 1002] 
an action processor coupled to the central processing unit; 

[see fig. 2, element 220] 

a security action processor SAP processor coupled to the central processing unit, the SAP being adapted
to process data block by block; and

[see paragraph 42] "The resulting content address or entry address 218, matching the search key 
214, obtained from the classification database 216 is then used to perform a memory read into an 
associated memory 220, which contains the specific actions 222 that should be applied to the 
packet. 

Chow does not teach: 

an encryption/decryption processor coupled the security action processor, the encryption/decryption 
processor being adapted to encrypt/decrypt the data block by block. 

Amara teaches a packet forwarding apparatus that comprises the above limitation not taught by Chow. 

[see col. 5, lines 16-20] "Policy engine 126 applies a policy to the internal packets. Specifically, 
policy engine 126 examines one or more selector fields present in the internal packets. Typical 
selector fields include the source address, destination address, source port, destination port, and 
protocol type. Policy engine 126 also applies a set of rules specifying the manner in which a 
given packet should be handled if the selector fields of the given packet match certain predefined 
criteria. Such handling can include without limitation dropping the packet, logging the packet, 
encrypting or decrypting the packet."

It would have been obvious at the time of the invention to one of ordinary skill in the art to modify the
Chow invention to include the encryption/decryption taught by Amara in order to secure data coming in
and going out of the system.

As per claim 15, Chow teaches: 

Apparatus of claim 14 wherein the initiator determines a read or a write process. 

[see paragraph 44] "The packet parser 504 also reads the incoming packet 208 to determine the type and
structure of such packet."

As per claim 19, Chow teaches:

Apparatus of claim 14 wherein the classifier is provided on an integrated circuit chip. 
[see fig. 8, element 802] 

As per claim 20, Chow teaches: 

Apparatus of claim 14 wherein the classifier is adapted to maintain wire speed operation while
determining the information type and header information associated with the frame.

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields, 
thereby providing a router with reconfigurable classification functions, without any complex 
programming. This would reduce the cost of replacing routers, allow routers to be placed 
anywhere within the Internet topology, and allow routers to simultaneously meet different market 
requirements." 

As per claim 21, Chow teaches: 

Apparatus of claim 14 further comprising a flow context random access memory coupled to the classifier, 
the flow context random access memory being adapted to store a policy based upon a flow, the flow 
being associated with the header information. 
[see fig. 2, element 220] 

As per claims 5 and 16: 

Apparatus of claim 1 wherein the content addressable memory comprises at least two MBit. 

Applicant does not disclose within the specification as to what size the content addressable 
memory may comprise. Examiner interprets this as merely a matter of design choice. 

As per claims 6, 7, 17, and 18: 

The Chow and Amara references have been discussed above. They do not specifically cite that the
interface is adapted to receive the frame through a fiber channel in a SCSI format. It would have been
obvious to one having ordinary skill in the art at the time the invention was made to add to the Chow and
Amara inventions in order to receive frames through a fiber channel in a SCSI format because fiber
channels increase the distance in which frames can travel and SCSI frames can be transported at higher
speeds.

As per claim 22, Chow teaches: 

Apparatus of claim 14 wherein the apparatus is not a switch or a router or a virtualization device.

[see fig. 2] 
As per claim 23, Chow teaches: 

Apparatus of claim 22 wherein the apparatus further comprises a switch or a router or a virtualization 
device. 

[see fig. 2, element 204] 
As per claim 24, Chow teaches: 

A method for security applications for storage area networks, the method comprising: 
receiving one or more frames at a security apparatus from a storage area network device through a fibre 
channel, the storage area network device being operated by client device, the client device being coupled 
to the storage area network device; 

[see fig. 2, element 208] 
determining a frame type of the one or more frames at the security apparatus; 

[see fig. 2, element 210] 
creating a flow process through one or more processors if the frame type of an initiator frame; 

[see fig. 2 element 216] 

processing one or more subsequent frames associated with the flow process through the one or more 
processors at wire speed; 

[see paragraph 23] "The use of the invention allows flexibility in the choice of packet fields, 
thereby providing a router with reconfigurable classification functions, without any complex 
programming. This would reduce the cost of replacing routers, allow routers to be placed 
anywhere within the Internet topology, and allow routers to simultaneously meet different market 
requirements." 

whereupon the processing is substantially transparent to a user of the client device. 

[see paragraph 37, wherein the system administrator configures the system but the processing is
implemented by the system and is essentially transparent to the user.]

CONCLUSION 

Applicant's amendment necessitated the new ground(s) of rejection presented in this Office 
action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP § 706.07(a). Applicant is reminded of
the extension of time policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE MONTHS from 
the mailing date of this action. In the event a first reply is filed within TWO MONTHS of the mailing date 
of this final action and the advisory action is not mailed until after the end of the THREE-MONTH 
shortened statutory period, then the shortened statutory period will expire on the date the advisory action 
is mailed, and any extension fee pursuant to 37 CFR 1.136(a) will be calculated from the mailing date of 
the advisory action. In no event, however, will the statutory period for reply expire later than SIX 
MONTHS from the date of this final action. 



POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 


Hand-delivered responses should be brought to 

Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 

Any inquiry concerning this communication or earlier communications from the examiner should
be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner can normally
be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST.

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Nasser Moazzami can be reached on 571-272-4195. The fax phone number for the organization where
this application or proceeding is assigned is 571-273-8300.

Information regarding the status of an application may be obtained from the Patent Application 
Information Retrieval (PAIR) system. Status information for published applications may be 
obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 